Hacking Aviation Policy

Presented at DEF CON 30 (2022), Aug. 13, 2022, noon (105 minutes)

TSA and DEFCON will host a policy discussion group focused on the current cybersecurity threats to the aviation ecosystem. Discussion will be focused on the increasing threat space focused on airports, airframes, airlines, and air cargo. Additional topics of discussion will focus on cybersecurity work force issues, prioritization of mitigation measures to counter the threats, and how the research community can assist the government and the private sector. The aviation sector policy discussion will be held under Chatham House rules, otherwise known as “what happens in Vegas, stays in Vegas,” with the desired outcome that participants will come away with a better understanding of the threats, possible solutions, and the importance of collaboration to solve these pressing issues. Given the global nature of aviation, we will touch on the partnerships and policy regimes under consideration by the international community.

Presenters:

• Meg King - Executive Director for Strategy, Policy Coordination & Innovation, Transportation Security Administration
• Ken Munro - Pentest Partners
  Ken Munro is Partner and Founder of Pen Test Partners, a firm of penetration testers with a keen interest in aviation. Pen Test Partners has several pilots on the team, both private and commercial, recognizing that the increase in retired airframes has created opportunities for independent security research into aviation security. Pen Test Partners has been recognized for its highly responsible approach to vulnerability disclosure in aviation and was invited to join the Boeing Cyber Technical Council as a result. Pen Test Partners has published research into aviation cyber security, covering topics from airborne connectivity, avionics hardware, and connectivity with ground systems.
• Pete Cooper - Deputy Director Cyber Defence
• Timothy Weston - Deputy Executive Director (acting), Cybersecurity Policy Coordinator, Transportation Security Administration
  Tim Weston is the Director for Strategy & Performance in TSA’s office of Strategy, Policy Coordination and Innovation. Mr. Weston also serves as the TSA Cybersecurity Policy Coordinator. Previously, he worked in the TSA Office of Chief Counsel, as Senior Counsel in the Security Threat Assessment Division.
• Ayan Islam - R-Street Institute
  Ayan Islam is the associate policy director of Cybersecurity and Emerging Threats at R Street Institute and adjunct lecturer of the Cyber Threats and Security policy course at American University’s School of Public Affairs. Previously, she served as the critical infrastructure portfolio lead in the Insights/Mitigation team, the Operation Warp Speed liaison, and cybersecurity strategist for the Aviation Cyber Initiative (ACI) at the Cybersecurity and Infrastructure Security Agency (CISA).

Links:

• https://forum.defcon.org/node/242800

Similar Presentations:

• Black Hat Europe 2017 / Diplomacy and Combating Evolving International Cyber Threats
• GrrCON 2019 / Big Plane, Little Plane: How common aviation attacks affect airlines and general aviation
• DEF CON 30 (2022) / Return-Oriented Policy Making for Open Source and Software Security